Open-source technologies, such as Kubernetes, are growing and expanding the demand for cloud-native computing.
But with this growth comes commercialization and a steady rise in instances of security pipeline vulnerabilities. How do precautions such as software provenance play into keeping the delivery pipeline tightly sealed?
“Nowadays, with the number of vulnerabilities coming through, what people are most worried about is the provenance of the software and making sure that it has been vetted and safe … and that things that you get from your vendor should be more secure than things that you’ve just downloaded off of GitHub, for example,” said Gunnar Hellekson (pictured, left), vice president and general manager of the Red Hat Enterprise Linux Business Unit at Red Hat Inc.
Hellekson and Adnan Ijaz (pictured, right), director of product management at Amazon Web Services Inc., spoke with theCUBE industry analyst John Furrier at the recent AWS re:Invent conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed trends surrounding securing enterprise software supply chains, particularly in the context of COVID-related complexities. (* Disclosure below.)
The convergence of physical and software infrastructures is a major factor
The convergence of physical and software infrastructures is a result of software becoming invaluable to critical infrastructures. More people and teams are using and fine-tuning the software, and, as a result, more issues are being uncovered and remediated, according to Hellekson. And while the industry has gotten good at finding and resolving vulnerabilities, it’s still struggling to maintain provenance logs showing entire software life cycles.
“I think we’re going to have more rules come out, and I see that [the National Institute of Standards and Technology] has already published some of them,” Hellekson explained. “And as these new rules come out, the whole industry is going to have to pull together and rally around some of this shared understanding so we can all have shared expectations and speak the same language when we’re talking about this problem.”
AWS is the largest cloud company globally and accounts for a considerable share of cloud solutions and software distribution. In helping its customers with their software supply chains, the company begins by abstracting away the entire data center construct and replacing it with on-demand cloud instances, according to Ijaz.
In addition, the essential task of building agility into these supply chains is the area in which Red Hat and AWS are collaborating, Ijaz added. These efforts have produced Red Hat OpenShift Service on AWS (ROSA).
“The benefit there is that you can actually use the services that are relevant for the supply chain solutions like Amazon Managed Blockchain and SageMaker,” he stated. “So, you can actually build predictive analytics, you can improve forecasting, and you can make sure that you have solutions that help you identify where you can cut costs.”
Another aggravating factor for supply chain issues is the skills gap. A proven approach for companies is to combine automation with AWS’ elasticity, converting the bulk of capital expenses to operational expenses and reducing labor requirements, according to Hellekson.
“That gives you a platform, and then what do you do with that platform?” he asked. “If you’ve got your systems automated and you’ve got this elastic infrastructure underneath you, what you do on top of it is really interesting.”
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of AWS re:Invent:
(* Disclosure: Red Hat Inc. sponsored this segment of theCUBE. Neither Red Hat nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)